mTLS + JWT authentication

We are currently using JWT-based end user authentication (Origin authentication). Now we are planning to use SSL certificate authentication via a whitelist of certificates allowed to connect end users (client). However, we want to have this in our Ingress Gateway.

Does the Istio ingress gateway have support to handle both types of request?

  • If the request has a JWT token in the header, it should use the origin verification using the JWT issuer and provider config.
  • If the request has the certificate, then it validates the end user using the configured TLS settings (serverCertificate, privateKey, caCertificates).